Understanding GravityZone architecture
The GravityZone console is just one component of a comprehensive security solution, which uses multiple components to provide you will well-rounded security. The other components are as follows:
Web console (GravityZone Control Center)
Bitdefender security solutions are managed within GravityZone from a single point of management, Control Center web console, which provides easier management and access to overall security posture, global security threats, and control over all security modules protecting virtual or physical desktops and servers. Powered by a Gravity Architecture, Control Center is capable of addressing the needs of even the largest organizations.
Control Center, a web-based interface, integrates with the existing system management and monitoring systems to make it simple to apply protection to unmanaged workstations and servers.
Security agents
To protect your network with Bitdefender GravityZone, you must install Bitdefender Endpoint Security Tools on Windows, Linux and macOS endpoints.
Roles
When deploying the security agent on an endpoint, you can choose to assign it a specific role, to help with the functionality and deployment of specific features. Currently, you can assign a security agent the following roles:
Power User - available on Windows
Relay - available on Windows, Linux
Patch Caching Server - available on Windows, Linux
Exchange Protection - available on Windows
Power User
Control Center administrators can grant Power User rights to endpoint users via policy settings. The Power User module enables administration rights at user level, allowing the endpoint user to access and modify security settings via a local console. Control Center is being notified when an endpoint is in Power User mode and the Control Center administrator can always overwrite local security settings.
Important
This module is available only for supported Windows desktop and server operating systems.
Relay
Endpoints using the Bitdefender Endpoint Security Tools Relay role serve as a communication proxy and update servers for other endpoints in the network. Endpoints with relay role are especially required in organizations with isolated networks, where all traffic is made through a single access point.
In companies with distributed networks, the relay agents help lowering the bandwidth usage, by preventing protected endpoints to connect directly to GravityZone.
Once a Bitdefender Endpoint Security Tools Relay agent is installed in the network, other endpoints can be configured via policy to communicate with the Control Center through the relay agent.
Bitdefender Endpoint Security Tools Relay agents serve for the following purposes:
Discovering all unprotected endpoints in the network.
This functionality is essential for the security agent deployment in a cloud GravityZone environment.
Deploying the endpoint agent inside the local network.
Updating protected endpoints in the network.
Ensuring the communication between Control Center and connected endpoints.
Acting as proxy server for protected endpoints.
Optimizing the network traffic during updates, deployments, scanning and other resource-consuming tasks.
Patch Caching Server
Endpoints with the Relay role may also act as a Patch Caching Server. With this role enabled, Relays servers store software patches downloaded from the vendor's websites, and distributes them to target endpoints in your network. Whenever a connected endpoint has software with missing patches, it takes them from the server and not from the vendor's website, optimizing the traffic generated and the network bandwidth load.
Important
This additional role is available with a registered Patch Management add-on.
Exchange Protection
Bitdefender Endpoint Security Tools with an Exchange role can be installed on Microsoft Exchange Servers with the purpose of protecting the Exchange users from email-borne threats.
Bitdefender Endpoint Security Tools with an Exchange role protects both the server machine and the Microsoft Exchange solution.
Security Server
The Security Server is a dedicated virtual machine that deduplicates and centralizes most of the antimalware functionality of antimalware agents, acting as a scan server.
Note
Availability and functioning of this feature may differ depending on the license included in your current plan.
The Security Server must be installed on one or several hosts to accommodate the number of protected virtual machines.